• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

More security events in 2008 than 2003?

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Exchange 2000 // 2003 // 2007 & Active Directory

View previous topic :: View next topic  
Author Message
jcochran
Just Arrived
Just Arrived


Joined: 13 Sep 2005
Posts: 1


Offline

PostPosted: Wed Aug 03, 2011 9:01 pm    Post subject: More security events in 2008 than 2003? Reply with quote

I just noticed after adding a few 2008 R2 DCs that the volume of security events has drastically increased. Does anyone have any information or resources the outline the changes in the security log for 2008?
Back to top
View user's profile Send private message
ryansutton
Trusted SF Member
Trusted SF Member


Joined: 25 Aug 2004
Posts: 67
Location: San Francisco, California

Offline

PostPosted: Thu Aug 04, 2011 6:30 pm    Post subject: Reply with quote

Server 2008 added more categories and sub categories for logging, which is why you are seeing more events.
Back to top
View user's profile Send private message
jcochran
Just Arrived
Just Arrived


Joined: 13 Sep 2005
Posts: 1


Offline

PostPosted: Thu Aug 04, 2011 6:32 pm    Post subject: Reply with quote

Thanks. Yes I'm aware of "why" my event logs are bigger, but I was curious if anyone knew if the changes were documented. I have an application that archives security logs and I need to filter appropriately.
Back to top
View user's profile Send private message
ryansutton
Trusted SF Member
Trusted SF Member


Joined: 25 Aug 2004
Posts: 67
Location: San Francisco, California

Offline

PostPosted: Thu Aug 04, 2011 9:08 pm    Post subject: Reply with quote

http://technet.microsoft.com/en-us/library/dd560628(WS.10).aspx
Back to top
View user's profile Send private message
jcochran
Just Arrived
Just Arrived


Joined: 13 Sep 2005
Posts: 1


Offline

PostPosted: Thu Aug 04, 2011 9:13 pm    Post subject: Reply with quote

That describes the new 53 auditing categories which are turned off by default.
Back to top
View user's profile Send private message
jcochran
Just Arrived
Just Arrived


Joined: 13 Sep 2005
Posts: 1


Offline

PostPosted: Sat Aug 13, 2011 12:54 am    Post subject: Reply with quote

Here is some good information that I found. While the 53 new audit categories are turned off by default, new audit sub-categories are added to existing 2003 categories. So if you have any of those audit categories enabled via Group Policy, you will notice more events.

http://www.ultimatewindowssecurity.com/wiki/WindowsSecuritySettings/OVERVIEW-Audit-Policy

http://www.ultimatewindowssecurity.com/wiki/WindowsSecuritySettings/Audit-Force-audit-policy-subcategory-settings-Windows-Vista-or-later-to-override-audit-policy-category
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Exchange 2000 // 2003 // 2007 & Active Directory All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Looking for more Windows Networking info?

Sign up to the WindowsNetworking.com Monthly Newsletter, written by Enterprise Security MVP Deb Shinder, containing news, the hottest tips, Networking links of the month and much more. Subscribe today and don't miss a thing!
View a sample newsletter.

Become a WindowsNetworking.com member!

Discuss your Windows Networking issues with thousands of other Windows Newtorking experts. Click here to join!

Community Area

Log in | Register

Readers' Choice

Which is your preferred data recovery solution?

Follow TechGenix on Twitter